Lista CVE - 2021 / Ottobre
Visualizzazione 301 - 400 di 1706 CVE per Ottobre 2021 (Pagina 4 di 18)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2021-41126 | 2021-10-06 | Deleted Admin Can Sign In to Admin Interface |
| CVE-2021-41128 | 2021-10-06 | CSV Injection Vulnerability in Hygeia |
| CVE-2021-29908 | 2021-10-06 | The IBM TS7700 Management Interface is vulnerable to unauthenticated access. By accessing a specially-crafted URL, an attacker may gain administrative access to the Management Interface without authentication. IBM X-Force ID:... |
| CVE-2021-38923 | 2021-10-06 | IBM PowerVM Hypervisor FW1010 could allow a privileged user to gain access to another VM due to assigning duplicate WWPNs. IBM X-Force ID: 210162. |
| CVE-2021-1534 | 2021-10-06 | Cisco Email Security Appliance URL Filtering Bypass Vulnerability |
| CVE-2021-34788 | 2021-10-06 | Cisco AnyConnect Secure Mobility Client for Linux and Mac OS with VPN Posture (HostScan) Module Shared Library Hijacking Vulnerability |
| CVE-2021-34782 | 2021-10-06 | Cisco DNA Center Information Disclosure Vulnerability |
| CVE-2021-34780 | 2021-10-06 | Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities |
| CVE-2021-34779 | 2021-10-06 | Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities |
| CVE-2021-34778 | 2021-10-06 | Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities |
| CVE-2021-34777 | 2021-10-06 | Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities |
| CVE-2021-34776 | 2021-10-06 | Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities |
| CVE-2021-34775 | 2021-10-06 | Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities |
| CVE-2021-34772 | 2021-10-06 | Cisco Orbital Open Redirect Vulnerability |
| CVE-2021-34766 | 2021-10-06 | Cisco Smart Software Manager Privilege Escalation Vulnerability |
| CVE-2021-34758 | 2021-10-06 | Cisco TelePresence Collaboration Endpoint and RoomOS Software Denial of Service Vulnerability |
| CVE-2021-34757 | 2021-10-06 | Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities |
| CVE-2021-34748 | 2021-10-06 | Cisco Intersight Virtual Appliance Command Injection Vulnerability |
| CVE-2021-34744 | 2021-10-06 | Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities |
| CVE-2021-34742 | 2021-10-06 | Cisco Vision Dynamic Signage Director Reflected Cross-Site Scripting Vulnerability |
| CVE-2021-34735 | 2021-10-06 | Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities |
| CVE-2021-34711 | 2021-10-06 | Cisco IP Phone Software Arbitrary File Read Vulnerability |
| CVE-2021-34710 | 2021-10-06 | Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities |
| CVE-2021-34706 | 2021-10-06 | Cisco Identity Services Engine XML External Entity Injection Vulnerability |
| CVE-2021-34702 | 2021-10-06 | Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability |
| CVE-2021-34698 | 2021-10-06 | Cisco Web Security Appliance Proxy Service Denial of Service Vulnerability |
| CVE-2021-1594 | 2021-10-06 | Cisco Identity Services Engine Privilege Escalation Vulnerability |
| CVE-2021-41129 | 2021-10-06 | Authentication bypass in Pterodactyl |
| CVE-2021-42044 | 2021-10-06 | An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2. The Growthexperiments-mentor-dashboard-mentee-overview-add-filter-total-edits-headline, growthexperiments-mentor-dashboard-mentee-overview-add-filter-starred-headline, growthexperiments-mentor-dashboard-mentee-overview-info-text, growthexperiments-mentor-dashboard-mentee-overview-info-legend-headline, and growthexperiments-mentor-dashboard-mentee-overview-active-ago MediaWiki messag... |
| CVE-2021-42043 | 2021-10-06 | An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2. The suggestion text (a parameter to mediasearch-did-you-mean) was not being properly sanitized and allowed for the... |
| CVE-2021-42042 | 2021-10-06 | An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2. The growthexperiments-edit-config-error-invalid-title MediaWiki message was not being properly sanitized and allowed for the injection and execution... |
| CVE-2021-42041 | 2021-10-06 | An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript... |
| CVE-2021-42040 | 2021-10-06 | An issue was discovered in MediaWiki through 1.36.2. A parser function related to loop control allowed for an infinite loop (and php-fpm hang) within the Loops extension because egLoopsCountLimit is... |
| CVE-2021-42049 | 2021-10-06 | An issue was discovered in the Translate extension in MediaWiki through 1.36.2. Oversighters cannot undo revisions or oversight on pages where they suppressed information (such as PII). This allows oversighters... |
| CVE-2021-42048 | 2021-10-06 | An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by... |
| CVE-2021-42047 | 2021-10-06 | An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Mentor Dashboard feature enabled, users can login with a mentor account and trigger... |
| CVE-2021-42046 | 2021-10-06 | An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2. The rev-deleted-user and ntimes messages were not properly escaped and allowed for users to inject HTML and JavaScript. |
| CVE-2021-42045 | 2021-10-06 | An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a... |
| CVE-2020-21648 | 2021-10-06 | WDJA CMS v1.5.2 contains an arbitrary file deletion vulnerability in the component admin/cache/manage.php. |
| CVE-2020-21649 | 2021-10-06 | Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sql() method. |
| CVE-2020-21650 | 2021-10-06 | Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the add() method. |
| CVE-2020-21651 | 2021-10-06 | Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\point.php, which can be exploited via the add() method. |
| CVE-2020-21652 | 2021-10-06 | Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the addqq() method. |
| CVE-2020-21653 | 2021-10-06 | Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sj() method. |
| CVE-2020-21654 | 2021-10-06 | emlog v6.0 contains a vulnerability in the component admin\template.php, which allows attackers to getshell via a crafted Zip file. |
| CVE-2020-21656 | 2021-10-06 | XYHCMS v3.6 contains a stored cross-site scripting (XSS) vulnerability in the component xyhai.php?s=/Link/index. |
| CVE-2020-21658 | 2021-10-06 | A Cross-Site Request Forgery (CSRF) in WDJA CMS v1.5.2 allows attackers to arbitrarily add administrator accounts via a crafted URL. |
| CVE-2021-21682 | 2021-10-06 | Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jobs and other entities with a trailing dot character, potentially replacing the configuration and data of other entities on... |
| CVE-2021-21683 | 2021-10-06 | The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers... |
| CVE-2021-21684 | 2021-10-06 | Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site... |
| CVE-2021-22930 | 2021-10-07 | Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. |
| CVE-2021-26556 | 2021-10-07 | When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access. |
| CVE-2021-26557 | 2021-10-07 | When Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access. |
| CVE-2021-42053 | 2021-10-07 | The Unicorn framework through 0.35.3 for Django allows XSS via component.name. |
| CVE-2021-42054 | 2021-10-07 | ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule if the client exits after authentication. |
| CVE-2021-41770 | 2021-10-07 | Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure. |
| CVE-2021-32172 | 2021-10-07 | Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken access control issue in the Elfinder plugin. |
| CVE-2021-40978 | 2021-10-07 | The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601.] and... |
| CVE-2021-3832 | 2021-10-07 | Integria IMS Remote Code Execution |
| CVE-2021-22958 | 2021-10-07 | A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with... |
| CVE-2021-41865 | 2021-10-07 | HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authenticated users with job submission capabilities to cause denial of service by submitting incomplete job specifications with a Consul mesh gateway... |
| CVE-2021-36150 | 2021-10-07 | SilverStripe Framework through 4.8.1 allows XSS. |
| CVE-2021-28661 | 2021-10-07 | Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x through 3.4.1 permission checker not inherited by query subclass. |
| CVE-2021-35067 | 2021-10-07 | Meross MSG100 devices before 3.2.3 allow an attacker to replay the same data or similar data (e.g., an attacker who sniffs a Close message can transmit an acceptable Open message). |
| CVE-2021-33903 | 2021-10-07 | In LCOS 10.40 to 10.42.0473-RU3 with SNMPv3 enabled on LANCOM devices, changing the password of the root user via the CLI does not change the password of the root user... |
| CVE-2021-41794 | 2021-10-07 | ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the... |
| CVE-2021-40726 | 2021-10-07 | Adobe Acrobat Reader DC AcroForm Field Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-40725 | 2021-10-07 | Adobe Acrobat Reader DC AcroForm listbox Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-3833 | 2021-10-07 | Integria IMS incorrect authorization |
| CVE-2021-3834 | 2021-10-07 | Integria IMS vulnerable to Cross Site Scripting (XSS) |
| CVE-2021-37926 | 2021-10-07 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. |
| CVE-2021-37928 | 2021-10-07 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. |
| CVE-2021-37929 | 2021-10-07 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. |
| CVE-2021-37930 | 2021-10-07 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. |
| CVE-2021-37931 | 2021-10-07 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. |
| CVE-2021-37918 | 2021-10-07 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. |
| CVE-2021-37922 | 2021-10-07 | Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another. |
| CVE-2021-37924 | 2021-10-07 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. |
| CVE-2021-37923 | 2021-10-07 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. |
| CVE-2021-37921 | 2021-10-07 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. |
| CVE-2021-37920 | 2021-10-07 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. |
| CVE-2021-37919 | 2021-10-07 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. |
| CVE-2021-37762 | 2021-10-07 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution. |
| CVE-2021-28129 | 2021-10-07 | DEB packaging for Apache OpenOffice 4.1.8 installed with a non-root userid and groupid |
| CVE-2021-40439 | 2021-10-07 | Billion Laughs |
| CVE-2021-42013 | 2021-10-07 | Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) |
| CVE-2021-42071 | 2021-10-07 | In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header. |
| CVE-2021-23447 | 2021-10-07 | Cross-site Scripting (XSS) |
| CVE-2021-20372 | 2021-10-07 | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote authenticated user to cause a denial of another user's service due to insufficient permission checking. IBM X-Force ID: 195518. |
| CVE-2021-20375 | 2021-10-07 | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept and replace a message sent by another user due to improper access controls. IBM X-Force ID:... |
| CVE-2021-20376 | 2021-10-07 | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568. |
| CVE-2021-20473 | 2021-10-07 | IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force... |
| CVE-2021-20481 | 2021-10-07 | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2021-20489 | 2021-10-07 | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the... |
| CVE-2021-20552 | 2021-10-07 | IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could... |
| CVE-2021-20561 | 2021-10-07 | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2021-20571 | 2021-10-07 | IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2021-20584 | 2021-10-07 | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 199397. |
| CVE-2021-29700 | 2021-10-07 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authneticated attacker to obtain sensitive information from configuration files that could aid in further attacks against the system.... |
| CVE-2021-41130 | 2021-10-07 | X-Endpoint-API-UserInfo can be spoofed in cloudendpoints Extensible Service Proxy |